1. Introduction and Scope

PRX Tech LLC ("Company," "we," "us," or "our") operates the Prescribe Rx telehealth software platform ("Platform"). This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information and protected health information ("PHI") when you access or use the Platform.

This Policy applies to all users of the Platform, including patients, healthcare providers, organizational clients, and sales partners, and is incorporated into and subject to our Terms and Conditions.

We are committed to protecting your privacy in compliance with all applicable laws, including HIPAA, the HITECH Act, applicable state privacy laws, and Twilio's Acceptable Use Policy for A2P 10DLC SMS messaging.

2. Information We Collect

2.1 Information You Provide Directly

• Identity & Contact: Full name, date of birth, mailing address, email address, mobile phone number, and demographic information
• Health Information: Medical history, current medications, laboratory results, diagnoses, treatment plans, and other clinical data constituting PHI
• Account Credentials: Username, password, and security question responses
• Financial Information: Payment card details, billing address, and insurance information (processed via PCI-compliant third-party processors)
• Communications: Messages, inquiries, and feedback submitted through the Platform

2.2 Information Collected Automatically

• Device & Usage Data: IP address, browser type, operating system, pages visited, time spent, and clickstream data
• Cookies & Tracking: Session cookies, persistent cookies, and similar technologies used for authentication and analytics
• Log Data: Server logs, error reports, and security event logs

2.3 Information from Third Parties

• Clinical notes, prescriptions, and referrals shared by your care team
• Prescription fulfillment status and dispensing records from pharmacy partners
• Diagnostic test orders and results from laboratory services
• Identity document verification data

3. How We Use Your Information

We use the information we collect for the following purposes:

• Providing and improving the Platform and its features
• Facilitating telehealth consultations and care coordination
• Processing prescriptions and pharmacy orders
• Verifying your identity and authenticating account access via OTP/MFA
• Sending transactional, clinical, and security communications via email and SMS
• Processing payments and managing billing
• Complying with applicable legal, regulatory, and accreditation requirements
• Detecting, preventing, and responding to fraud and security incidents
• Enforcing our Terms and Conditions and other applicable policies

4. SMS/Text Message Communications & Twilio Compliance

4.1 Collection and Use of Phone Numbers

We collect your mobile phone number for the sole purpose of sending you SMS/MMS messages in connection with the services you have requested or for which you have provided explicit consent. Message types include OTP authentication codes, appointment reminders, prescription updates, clinical care alerts, and account security notifications.

4.2 No Sharing of SMS Consent Data — Critical Disclosure

This disclosure is made in compliance with Twilio's Acceptable Use Policy, A2P 10DLC carrier requirements, and applicable TCPA regulations.

4.3 SMS Opt-In Mechanism

We obtain your consent to receive SMS messages through the following methods:

• Web opt-in: By checking an SMS consent checkbox during account registration or appointment scheduling
• Verbal consent: Recorded and documented by a healthcare representative during onboarding
• Written consent: Via signed patient intake forms where required by applicable law

4.4 How to Opt Out (Unsubscribe)

Upon receipt of your opt-out request, you will receive one final confirmation SMS and will be removed from our messaging list within a commercially reasonable time.

4.5 Message Frequency & Rates

Message frequency varies based on the services you use and your activity on the Platform. Security messages (OTP codes) are triggered by your own login attempts. Standard message and data rates may apply. Wireless carriers are not liable for delayed or undelivered messages.

4.6 Help

Reply HELP to any message you receive, or contact us at compliance@prescribe-rx.com or (678) 324-4763.

5. How We Share Your Information

5.1 Healthcare Operations and Treatment

We may share your PHI with licensed healthcare providers, pharmacists, laboratory personnel, and other members of your care team as necessary to provide treatment and coordinate care, as permitted under HIPAA.

5.2 Business Associates

We may share your information with vendors subject to executed Business Associate Agreements (BAAs) requiring them to maintain the confidentiality and security of your PHI. These may include cloud infrastructure providers (AWS), SMS providers (Twilio — used solely for delivery of agreed communications), EHR vendors, payment processors, and identity verification services.

5.3 Legal Requirements

We may disclose your information when required by law, including in response to valid court orders, subpoenas, or regulatory investigations, or when necessary to prevent imminent threats to health or safety.

5.4 What We Do NOT Do

6. Data Security

PRX Tech LLC implements comprehensive administrative, physical, and technical safeguards to protect your information in compliance with the HIPAA Security Rule. Our security measures include:

• Encryption of all data at rest and in transit (AES-256, TLS 1.2+)
• Deployment on HIPAA-compliant AWS infrastructure with dedicated security controls
• Role-based access control (RBAC) limiting data access to authorized personnel only
• Multi-factor authentication (MFA) for all administrative access
• Regular security risk assessments and vulnerability management
• Immutable audit logging of all access to PHI
• Formal incident response and breach notification procedures compliant with HIPAA Breach Notification Rule
• Employee HIPAA training and background checks

7. Data Retention

We retain your personal information and PHI for as long as necessary to fulfill the purposes described in this Policy, comply with legal obligations (including state medical records retention laws requiring 7–10 years or longer), resolve disputes, and enforce our agreements.

SMS consent records are retained for a minimum of five (5) years to satisfy regulatory and carrier compliance requirements.

When information is no longer required, we destroy or de-identify it in a secure manner consistent with HIPAA requirements.

8. Your Rights and Choices

8.1 HIPAA Patient Rights

As a patient user, you have the following rights under HIPAA with respect to your PHI:

• Right to Access: Request a copy of your PHI maintained by us
• Right to Amend: Request correction of inaccurate or incomplete PHI
• Right to Accounting: Request a record of certain disclosures of your PHI
• Right to Restrict: Request restrictions on certain uses and disclosures
• Right to Confidential Communications: Request alternative means of contact
• Right to Complain: File a complaint with us or HHS Office for Civil Rights

To exercise these rights, submit a written request to compliance@prescribe-rx.com or (678) 324-4763.

8.2 Additional State Privacy Rights

Depending on your state of residence, you may have additional rights under state privacy laws, including rights under the California Consumer Privacy Act (CCPA) or similar statutes. Please contact us to learn more about rights applicable to your jurisdiction.

9. Children's Privacy

The Platform is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected information from a minor, we will take prompt steps to delete such information. If you believe a minor has provided us with personal information, please contact us at compliance@prescribe-rx.com.

10. Interstate and Cross-Border Considerations

The Platform is operated from the United States. If you access the Platform from outside the United States, your information may be transferred to, stored, and processed in the United States, where privacy laws may differ from those in your jurisdiction. By using the Platform, you consent to the transfer of your information to the United States.

11. Third-Party Links and Services

The Platform may contain links to third-party websites or integrate with third-party services. This Policy does not apply to such third-party services. We encourage you to review the privacy policies of any third-party services you access through the Platform.

12. Notice of Privacy Practices

As a HIPAA-covered entity, we maintain a Notice of Privacy Practices (NPP) that describes in detail how we use and disclose PHI, your rights, and our legal obligations. The NPP is available within the Platform and can be requested in writing by contacting us at the information provided in Section 14.

13. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Changes will be effective upon posting of the updated Policy with a revised Effective Date. For material changes, we will provide notice through the Platform interface or by email. Your continued use of the Platform after the effective date of the updated Policy constitutes your acceptance of the changes.

14. Contact Information and Complaints

For questions, concerns, or complaints regarding this Privacy Policy or our data practices, please contact our Privacy and Compliance team:

Federal Complaint Contact

To file a complaint regarding HIPAA violations with the federal government:

• U.S. Dept. of Health & Human Services, Office for Civil Rights
• 200 Independence Avenue, S.W., Washington, D.C. 20201
• Phone: 1-800-368-1019  |  Website: www.hhs.gov/ocr

By using the Prescribe Rx platform, you acknowledge that you have read and understood this Privacy Policy.